Value Statement

As we prepare to migrate to a newer authentication method for Discovery, we need to enhance the UI to support the service account authentication method for OpenShift Cluster Manager (OCM). This will involve allowing users to provide the necessary credentials via a ServiceAccount.

Sample ServiceAccount YAML below:

apiVersion: v1
data:
  auth_method: service-account
  client_id: ENCRYPTED_CLIENT_ID
  client_secret: ENCRYPTED_CLIENT_SECRET
kind: Secret
metadata:
  labels:
    cluster.open-cluster-management.io/credentials: ''
    cluster.open-cluster-management.io/type: rhocm
  name: ocm-api-service-account
  namespace: NAMESPACE
type: Opaque 

We will also need to update the auth_method for the previous authentication method as well:

apiVersion: v1
data:
  auth_method: offline-token
  ocmAPIToken: ENCRYPTED_TOKEN
kind: Secret
metadata:
  labels:
    cluster.open-cluster-management.io/credentials: ''
    cluster.open-cluster-management.io/type: rhocm
  name: ocm-api-token
  namespace: NAMESPACE
type: Opaque 

Definition of Done for Engineering Story Owner (Checklist)

• [x] UI support OCM ServiceAccount authentication for Discovery.
• [x] UI continue to support OCM offline API token for Discovery.

Development Complete

• The code is complete.
• Functionality is working.
• Any required downstream Docker file changes are made.

Tests Automated

• [ ] Unit/function tests have been automated and incorporated into the
  build.
• [ ] 100% automated unit/function test coverage for new or changed APIs.

Secure Design

• [ ] Security has been assessed and incorporated into your threat model.

Multidisciplinary Teams Readiness

• [X] Create an informative documentation issue using the Customer ACM-14579
• [X] Link the development issue to the doc issue.

Support Readiness

• [ ] The must-gather script has been updated.